Subscription to the full report on a daily basis can be obtained:
Send an eMail to dhsdailyadmin@mail.dhs.osis.gov with the subject "DHS Daily Open Source Infrastructure Report" and the following line in the body...subscribe.
To obtain a complete copy of the current report proceed to the DHS link below.
To obtain reports more than 10 business days old, send an eMail to DHS_Reports@e-computer-security.com. Be specific as to the reports you wish to receive.

• A judge sentenced a former Costa Rican businessman
to 60 years in prison October 23, for his $485 million international insurance
fraud and money laundering scheme. – Associated Press. See item 7 below in the Banking and Finance Sector.

• An Amtrak train carrying 174 passengers and
4 crew members that derailed at high speed near Niles, Michigan, after
departing Chicago October 21, stopped only 21 feet before it would have
collided with parked freight hopper cars, the National Transportation Safety
Board (NTSB) said October 23. – Chicago Tribune

15. October 23, Chicago Tribune –
(Michigan) NTSB: Chicago-Michigan Amtrak missed freight cars by 21 feet. An
Amtrak train carrying 174 passengers and 4 crew members that derailed at high
speed near Niles, Michigan, after departing Chicago October 21 stopped only 21
feet before it would have collided with parked freight hopper cars, the
National Transportation Safety Board (NTSB) said October 23. Moments before the
accident, which injured nine passengers, the train traveled over a misaligned
track switch that diverted it into a rail yard, investigators said. The
misaligned, or reversed, track switch sent the train into the rail yard instead
of continuing on the main track it was on, the investigation determined. The
reversed track switch would appear to indicate human error on the part of
Amtrak. A derailing device had been installed between the yard track and the
main track as a protective measure to derail any cars that might accidentally
roll out of the yard before they could reach the main track, officials said.
The Amtrak train dislodged the derailing device, but the train did not derail at
that point, investigators found. The train continued on the yard track and
derailed about 290 feet beyond the reversed switch, stopping with all cars
upright, officials said. The Amtrak locomotive was a so-called “smart train,”
equipped with a safety system called Incremental Train Control System that is
designed to detect problems involving track switches, signals, and railroad
crossing warning devices. The cause of the derailment was still under
investigation. Source: http://articles.chicagotribune.com/2012-10-23/news/chi-ntsb-chicagomichigan-amtrak-missed-hitting-freight-car-by-21-feet-20121023_1_marc-magliari-amtrak-trains-track-switch

• Researchers warned that security flaws in
airline boarding passes could allow would-be terrorists or smugglers to know in
advance whether they will be subject to certain security measures, and perhaps
even permit them to modify the designated measures, the Washington Post
reported October 23. – Washington Post

16. October 23, Washington Post – (National) Experts warn about security flaws
in airline boarding passes. Researchers
warned that security flaws in airline boarding passes could allow would-be
terrorists or smugglers to know in advance whether they will be subject to
certain security measures, and perhaps even permit them to modify the
designated measures, the Washington Post reported October 23. The vulnerabilities
center on the Transportation Security Administration’s (TSA) pre-screening
system, a paid-for program in which the screening process is expedited for
travelers at the airport: Under the program, passengers can still be subject at
random to conventional security screening. Flight enthusiasts, however,
recently discovered that the bar codes printed on all boarding passes — which
travelers can obtain up to 24 hours before arriving at the airport — contain
information on which security screening a passenger is set to receive. Simply
by using a smartphone or similar device to check the bar code, travelers could
determine whether they would pass through full security screening, or the
expedited process. The findings highlight serious vulnerabilities in the
current TSA security systems, according to a security expert. Source: http://www.washingtonpost.com/national/experts-warn-about-security-flaws-in-airline-boarding-passes/2012/10/23/ed408c80-1d3c-11e2-b647-bb1668e64058_story.html

• The drug-mixing pharmacy in Massachusetts
linked to a deadly meningitis outbreak failed to sterilize its products the
minimum required time, did not keep its manufacturing equipment sanitary, and
operated a leaky boiler near the “clean room” where drugs were packaged, State
officials said October 22. – Wall Street Journal

22. October 23, Wall Street Journal – (Massachusetts) State: Pharmacy ignored
safety rules. The drug-mixing pharmacy in Massachusetts linked to a deadly
meningitis outbreak failed to sterilize its products the minimum required time,
did not keep its manufacturing equipment sanitary, and operated a leaky boiler
near the “clean room” where drugs were packaged, State officials said October
22. On 13 occasions, New England Compounding Center (NECC) shipped products
from two now-recalled batches of the steroid linked to the outbreak before
receiving a report from an outside lab that tested them for safety, violating
industry-backed guidelines the company said it followed, Massachusetts health
officials said. Some medicines were sent 11 days before receiving a report. In
addition, NECC did not test its manufacturing equipment, such as a machine used
to sterilize its injectable drugs, as regularly as industry standards call for.
October 2, officials found “visible particulate black matter” in several vials
of the drug that had been recalled, which later were confirmed by the Food and
Drug Administration to be a fungal contaminant. The findings were preliminary
results from an investigation by State and federal health officials into the
nationwide outbreak, which has sickened 304 people, killing 23. The State has
taken the first step towards permanently revoking the license of the pharmacy
and its three principal pharmacists. Investigators have not yet pinpointed what
contaminated the vials of steroid injections. Still under investigation is the
presence of a recycling center in the same building complex as the pharmacy and
a boiler that was leaking in the room next to the laboratory where medicines
were made. The leaking water “created an environment in which contaminations
could have occurred,” a health official said. The findings underscore the gray
area of regulation that NECC and other compounding pharmacies occupy. The
company was covered by rules intended for small pharmacies, while operating
more like a traditional drug maker, with significant manufacturing and
interstate distribution, officials said. Source: http://online.wsj.com/article/SB10001424052970203406404578075092760806164.html?KEYWORDS=pharmacy

Details

Banking and Finance Sector

5. October 24, Plymouth Patch – (Minnesota) California man faces new charges in credit
card-skimming scheme. A California man arrested in Plymouth, Minnesota, in
July and charged with masterminding a sophisticated identity theft scheme using
credit card skimming devices in the Twin Cities is facing three more charges in
connection with the scheme, the Plymouth Patch reported October 24. Plymouth
police arrested the man and his wife July 6 for speeding. A search of their
rental car turned up a list of 100 Twin Cities gas stations, along with a computer
file on how to repair a gasoline pump, a magnetic card reader, many new credit
cards in both their names, numerous blank credit cards, a cordless drill, and a
computer. When police visited one of the gas stations on the list they found
that credit card-skimming devices were installed on six of the eight gas pumps.
Earlier, the owner of another gas station contacted police and reported that
credit-card skimmers were installed on two gas pumps. Officers were able to
match DNA on the devices to the husband. Officers obtained a search warrant in
September to conduct a forensic review of the credit-card skimmers and found
that more than 100 names and credit-card information had been acquired. Prior to the
Minnesota cases, the husband was arrested in May in Glendale,
California, and charged with identity theft. Police found about 40 handwritten
Social Security numbers and electronic storage devices containing more Social
Security numbers and fraudulent credit cards in different names in his
possession in that case, according to a complaint. Source: http://plymouth-mn.patch.com/articles/california-man-faces-new-charges-in-credit-card-skimming-scheme

6. October 24, Reuters – (National) Barnes & Noble reports breach of U.S. customer
credit card data. Retailer Barnes & Noble said customers who shopped at
63 of its stores as recently as September may have had their credit card
information stolen, and that federal law enforcement authorities have been
informed of the breach, Reuters reported October 24. All PIN pads at its 700
stores were disconnected by the close of business September 14 due to signs of
tampering on some of the units, the company said in a statement. Stores in
California, Connecticut, Florida, Illinois, Massachusetts, New Jersey, New
York, Pennsylvania, and Rhode Island were affected, Barnes & Noble said.
The company advised those who have swiped their cards at stores in the affected
states to change their debit-card PIN numbers as a precaution, and to review
their statements for unauthorized transactions. Still, the company said its
customer database was secure, and that purchases made on the Barnes & Noble
Web site, Nook e-reader, and Nook mobile apps were not affected. Source: http://www.reuters.com/article/2012/10/24/us-barnesnoble-breach-idUSBRE89N05L20121024

7. October 23, Associated Press – (Virginia; International) Former Costa Rican
businessman convicted in $485M fraud
scheme sentenced in Va. to 60 years. A judge sentenced a former Costa Rican
businessman and professional soccer team owner to 60 years in prison October
23, for his $485 million insurance fraud scheme. The man, the president of
Provident Capital Indemnity Ltd, was convicted in April on 10 fraud and money
laundering counts in a scam prosecutors said claimed thousands of victims
worldwide. Provident sold bonds guaranteeing funding for life settlement firms.
The bonds were sold based on fraudulent financial statements and were not
protected by reinsurance agreements with major companies, as the man had
claimed. As a result, many investors lost their life savings. The 60-year
sentence equals the term given to a Spring, Texas man who worked for a life
settlement company called A&O that did business with Provident. Another
A&O principal was sentenced to 45 years, and five other conspirators have
received shorter sentences. An accountant convicted of conducting a phony audit
for Provident will be sentenced in November. The Provident and A&O cases
were brought in Virginia because that was where some of the victims and
transactions were located. Source: http://www.washingtonpost.com/national/former-costa-rican-businessman-convicted-in-485m-fraud-scheme-sentenced-in-va-to-60-years/2012/10/23/1b8dc908-1d52-11e2-8817-41b9a7aaabc7_story.html

8. October 23, WTOP 103.5 FM Washington D.C. – (District of Columbia;
Maryland; Virginia) D.C. tax employee accused of filing millions in
fraudulent returns. An employee at the Washington D.C. Office of Tax and
Revenue is facing charges for helping to file hundreds of bogus federal and
local tax returns that, together with co-conspirators, netted about $14
million in fraudulent tax refunds, WTOP 103.5 FM Washington D.C. reported
October 23. Prosecutors charge that the employee and at least two
co-conspirators filed more than 900 federal tax returns and nearly 300 D.C. tax
returns that were fraudulent. Prosecutors have not determined the number of
false returns filed in Maryland and Virginia, but acknowledge some were filed
there as well. A filing by the U.S. Attorney’s Office said the employee — a
control technician at the D.C. Office of Tax and Revenue (OTR) — also worked at
2FT Fast Facts Tax Service, a tax preparation company that was the subject of a
federal investigation. The court records indicated the employee would use her
position in the OTR to monitor the audit status of her clients’ tax returns and
to help those clients file bogus tax returns. According to prosecutors, the
employee and her co-conspirators would reduce their clients’ taxable income by
claiming bogus deductions for charitable contributions and work-related
expenses. Source: http://www.wtop.com/109/3089836/DC-tax-employee-accused-of-filing-millions-in-fraudulent-returns

9. October 23, U.S. Federal Trade Commission – (International) U.S.
defendants who allegedly abetted fake debt collector calls from India agree to
settle FTC charges. A man who worked with bogus debt collectors in India
agreed to settle U.S. Federal Trade Commission (FTC) charges that he and his
companies deceived and threatened consumers into paying debts that were not
owed or that the defendants were not authorized to collect totaling $5.4
million, according to an October 23 FTC release. The settlement bars the man,
American Credit Crunchers, LLC, and Ebeeze, LLC, from debt collection, and
prohibits them from misrepresenting that they are affiliated with the
government or a non-profit group, buying any good or service, any aspects of
the good or service, and their refund policy. The FTC’s February 2012 complaint
alleged that the callers who worked with the defendants would contact consumers
who previously received or inquired about online payday loans. Often pretending
to be law enforcement or other government authorities, the callers would
falsely threaten to immediately arrest and jail consumers if they did not agree
to make a payment on a supposedly delinquent payday loan. The FTC alleged that
information submitted by consumers who had applied online for these loans found
its way into the hands of the defendants, who used it to convince consumers
that they owed them money. The FTC charged the defendants with violating the
FTC Act and the Fair Debt Collection Practices Act. Source: http://www.ftc.gov/opa/2012/10/americancredit.shtm

10. October 23, Riverside Press-Enterprise – (California) ‘Desperate
Bandit’ linked to bank robbery. A man who robbed a Temecula, California
bank October 15, is believed to be the “Desperate Bandit,” who is suspected in
seven other bank robberies, including one in Corona, authorities said October
23. Riverside County sheriff’s officials said the man went into a Pacific Trust
Bank carrying a black briefcase. He gave a teller a note that said he had a
weapon and demanded cash. The string of robberies appears to have begun August
8, at a US Bank branch in Chino, FBI officials said. The man is also suspected
of robbing a Bank of America branch in Corona on September 15, and robbing
banks in Anaheim, Fullerton, La Habra, Placentia, and Tustin. Source: http://www.pe.com/local-news/riverside-county/temecula/temecula-headlines-index/20121023-temecula-desperate-bandit-linked-to-bank-robbery.ece

11. October 23, USA Today – (Pennsylvania) FBI: Phila. baggage worker stole $20K in new
$100 bills. The FBI arrested a US Airways baggage handler at Philadelphia
International Airport October 23, for allegedly stealing $20,000 worth of
redesigned $100 bills not yet in circulation. The man admitted swiping the
currency after a polygraph, an FBI agent said in an affidavit. He then led
agents to the new bills, which he had stashed in his wife’s car. The FBI said
the money was stolen October 11, from a $3.2 million shipment of new,
security-enhanced bills being transferred from Dallas to the Federal Reserve in
East Rutherford, New Jersey. The FBI said the man was the only handler who had
access to the money. Source: http://www.greenvilleonline.com/usatoday/article/1653415?odyssey=mod|newswell|text|News|s

Information Technology Sector

27. October 24, The Register – (International) Hackers get 10 months to pwn victims with
0-days before world+dog finds out. Hackers exploit security vulnerabilities
in software for 10 months on average before details of the holes surface in
public, according to a new study. Researchers from Symantec believe that these
zero-day attacks, so called because they are launched well before vendors are
even aware of the vulnerabilities, are more prevalent and more potent than
previously thought. Zero-day exploits are often closely guarded secrets and can
be very valuable to criminals — but once details of the exploited flaws emerge
in public, developers and system administrators can get to work to mitigate or
halt the attacks. However, this also reveals to everyone else that these holes
exist in systems. Two researchers from Symantec Research Labs identified 18
zero-day attacks between 2008 and 2011, and 11 of them were previously
undetected. “A typical zero-day attack lasts 312 days on average and that,
after vulnerabilities are disclosed publicly, the volume of attacks exploiting
them increases by up to five orders of magnitude,” the researchers noted.
Source: http://www.theregister.co.uk/2012/10/24/zero_day_study/

28. October 24, Softpedia – (International) The FBI warns of dating extortion scams and
payday loan schemes. The FBI’s Internet Crime Complaint Center (IC3) issued
an alert to warn Internet users about the new twists added by scammers to
previously existing scams. The advisory comes after the agency received a large
number of complaints from victims. The first type of improved scam detailed in
the advisory refers to “dating extortion.” In these plots, the criminals select
their victims on online dating Web sites. After gaining their trust, the
fraudsters attempt to convince users to take part in sexual conversations. Soon
afterwards, the victims receive a text message with a link to a Web site that
contains their names, phone numbers, photographs, and the adult-themed
conversations they had with the con artist. These “cheater” Web sites offer
customers the chance to purchase the conversations for $9. The information can
also be removed from the site for $99. However, according to the victims’
reports, the information was not removed from the Web sites even after the
money was paid. Payday loan schemes are also highly common, but the “improved”
variants do not just involve harassing phone calls, but also home visits from
the so-called debt collectors. In these scams, victims are harassed in myriad
ways about an alleged loan which they must repay. Although many of the targets
of these plots never applied for payday loans, the con artists keep threatening
them until they submit. Source: http://news.softpedia.com/news/The-FBI-Warns-of-Dating-Extortion-Scams-and-Payday-Loan-Schemes-301859.shtml

29. October 24, Infosecurity – (International) Sony PS3 hacked again. Sony’s policy of
maintaining control over what software can run on its PS3 console has been
undermined — some suggest permanently — by the release of the PS3 LV0
decryption keys. The PS3 has been hacked before, notably by a hacking group
called fail0verflow, which discovered the ECDSA cryptographic key used by the
console to authorize high-level operations. This allowed users to run any code,
rather than just Sony-allowed code. Sony responded with the release of the 3.60
firmware, which plugged most known security holes. Now, a group called the Three
Musketeers has leaked the LV0 decryption keys. According to Eurogamer, “the reveal of the LV0
key basically means that any system update released by Sony going forward can
be decrypted with little or no effort whatsoever.” Source: http://www.infosecurity-magazine.com/view/28956/sony-ps3-hacked-again/

30. October 24, Help Net Security – (International) Weak crypto allowed
spoofing emails from Google, PayPal domains. A mathematician discovered
that Google and many other big Internet companies use weak cryptographic keys
for certifying the emails sent from their corporate domains — a weakness that
can easily be exploited by spammers and phishers to deliver emails that look
like they were sent by the companies in question. According to Wired, he
discovered the flaw after receiving an email from a Google job recruiter.
Doubting its authenticity, he checked the email’s header information, and it
seemed legitimate. However, he also noticed the DomainKeys Identified Mail key
the company uses for the google.com emails was only 512 bits long and,
therefore, crackable within days with the help of cloud computing. Believing
this to be a recruiting test, he decided to crack the key and use it to send
emails to Google’s two founders from themselves. After receiving no reply at
first, he decided to re-check Google’s cryptographic key. He discovered it had
been changed to the standard length, leading him to conclude Google was unaware of
this vulnerability until they received his emails. The mathematician then
examined whether other popular firms, online services, and social networks were
vulnerable to the same attack. He discovered that PayPal, eBay, Apple, Amazon, Twitter,
and many other companies — including several banks — were using 384-bit, 512-bit,
or 768-bit keys. Source: http://www.net-security.org/secworld.php?id=13833

Communications Sector

31. October 24, Associated Press – (Michigan) Authorities report phone problems around Michigan.
Authorities in Michigan reported scattered problems with phone service
around the State. Officials in Oakland County, which includes Detroit’s
northern suburbs, said government offices had trouble October 24 with incoming
and outgoing phone calls because of a problem with its carrier’s network. Calls
still were going through to a switchboard and toll-free lines. In west Michigan, police in the
Grand Rapids suburb of Wyoming reported problems with incoming and outgoing
calls. MLive.com reported 9-1-1 service was working. AnnArbor.com reported non-emergency
phone service at City of Ann Arbor offices was down October 24.
Employees could not make or receive calls. Non-emergency service was affected
at a Washtenaw County dispatch center, which handles dispatching for Ann Arbor,
Washtenaw County, and Ypsilanti. Phone problems also were reported in Midland
and St. Clair counties. Source: http://wwmt.com/template/inews_wire/wires.regional.mi/3e4bbd56-www.wwmt.com.shtml

About Me

U.S. Army Retired Chief Warrant Officer with more than 40 years in information technology and 35 years in information security. Became a Certified Information Systems Security Professional in 1995 and have taught computer security in Asia, Canada and the United States. Wrote a computer security column for 5 years in the 1980s titled "for the Sake Of Security", penname R. E. (Bob) Johnston, which was published in Computer Decisions.
Motto: "When entrusted to process, you are obligated to safeguard"